Account

Security, Privacy, and Data Handling

5 min read

Understanding what happens to your data matters. This article explains Scope's security practices, what data we collect, how we store and protect it, and your rights as a customer.

What Data Scope Collects

Information You Provide

When you create a Scope account and add your business, we collect:

  • Account information: Email address, name, payment information (processed by Stripe, not stored directly)
  • Business information: Business name, website URL, category, location (city/state)
  • Competitor information: Names of competitors you add to your account
  • Custom prompts: Any prompts you add beyond the default library

Information We Generate Through Monitoring

  • AI responses: We capture and store the text responses AI platforms return when we run monitoring prompts for your business (not your customers' private data)
  • Visibility scores: Your AI Visibility Score and its components, calculated from monitoring data
  • Trend data: Historical score data over time

Information We Do NOT Collect

  • Personal information about your customers
  • Private data from AI platform users
  • Your website's internal data or analytics
  • Payment information (handled entirely by Stripe)

How We Use Your Data

To provide the service: Running monitoring scans, calculating your score, generating recommendations, displaying results in your dashboard.

To improve the service: Aggregated, anonymized usage data helps us improve prompt libraries, scoring algorithms, and features. We never use individually identifiable business data to improve the service without explicit permission.

We do NOT: Sell your data to third parties, use your business information to train AI models, or share your competitive data with competitors.

Data Storage and Security

Infrastructure:

  • Hosted on AWS (Amazon Web Services) in US-East-1
  • Data encrypted at rest using AES-256
  • Data encrypted in transit using TLS 1.3
  • Database backups taken daily, stored for 30 days

Access controls:

  • Scope employee access to customer data is restricted to personnel who need it to provide support
  • Employee access is logged and audited
  • We use multi-factor authentication for all internal systems

Subprocessors:

  • Stripe: Payment processing
  • Supabase: Database hosting
  • AWS: Infrastructure hosting
  • Resend: Transactional email delivery
  • Intercom: Customer support chat

A full list of subprocessors is available in our Privacy Policy.

Team Member Access Controls

Within your Scope account, you control who can access your data:

  • Admin: Full access to all businesses, billing, and team management
  • Editor: Can view and modify business data; cannot access billing
  • Viewer: Read-only access to business data; cannot make changes or access billing

All team member access is logged. You can remove team members at any time in Account Settings → Team.

Data Retention

| Data type | Retention period | |---|---| | Account information | Retained until account deletion | | Business monitoring data | 12 months | | Individual prompt responses | 90 days | | Aggregated score history | Indefinitely (while account is active) | | Payment records | 7 years (legal requirement) |

Upon account deletion, all personal and business data is permanently deleted within 30 days. Payment records are retained as required by law.

Your Rights

As a Scope customer, you have the right to:

  • Access: Request a copy of all data we have about you and your business
  • Correction: Update any incorrect data in your account
  • Deletion: Delete your account and have your data removed
  • Portability: Export your monitoring data in CSV or JSON format
  • Objection: Opt out of non-essential data processing

To exercise any of these rights, contact us at privacy@scope.online or use the Account Settings → Privacy section.

GDPR and CCPA Compliance

Scope is compliant with GDPR (EU General Data Protection Regulation) and CCPA (California Consumer Privacy Act).

For EU customers, Scope acts as a Data Processor for the business data you provide. A Data Processing Agreement (DPA) is available upon request at privacy@scope.online.

For CCPA purposes, Scope does not sell personal information as defined by the CCPA.

Security Incident Response

In the event of a data breach affecting your account:

  1. We will notify affected customers within 72 hours of discovery
  2. Notification will include: what happened, what data was affected, what steps we took, and what you should do
  3. For EU customers, we will notify the appropriate supervisory authority where required

Reporting a Security Concern

If you discover a potential security vulnerability, please report it responsibly to:

  • Email: security@scope.online
  • We aim to respond to security reports within 24 hours

We do not pursue legal action against security researchers who report issues in good faith.

Q: Does Scope access my Google Analytics or Search Console data? A: No — Scope monitors AI platforms independently using our own infrastructure. We do not connect to or access your Google Analytics, Search Console, or any other analytics platform unless you explicitly integrate them.

Q: Who at Scope can see my business data? A: Access to customer data is restricted to employees who need it to provide support (e.g., troubleshooting a monitoring issue you reported). All access is logged. Our engineering team accesses only anonymized, aggregated data for product development purposes.

Free Scan

See how you show up right now

Get a free AI visibility report — no credit card required. See exactly how ChatGPT, Claude, Gemini, and Perplexity describe your business.

Run my free scan

Free scan · No credit card · Results in ~60 seconds

Related Guides

Account

Billing and Plans

Read
Account

Managing Teams and Business Slots

Read
Getting Started

Agency Setup — Managing Multiple Clients in Scope

Read